Exploit Database

The Rapid7 Exploit Database is an archive of Metasploit modules for publicly known exploits, 0days, remote exploits, shellcode, and more for researches and penetration testers to review. 3,000 plus modules are all available with relevant links to other technical documentation and source code. All of the modules included in the Exploit Database are also included in the Metasploit framework and utilized by our penetration testing tool, Metasploit Pro.


Displaying module details 201 - 210 of 3570 in total

Oracle ATS Arbitrary File Upload Exploit

Disclosed: January 20, 2016

This module exploits an authentication bypass and arbitrary file upload in Oracle Application Testing Suite (OATS), version 12.4.0.2.0 and unknown earlier versions, to upload and execute a JSP shell.

Fortinet SSH Backdoor Scanner Exploit

Disclosed: January 09, 2016

This module scans for the Fortinet SSH backdoor.

Android ADB Debug Server Remote Payload Execution Exploit

Disclosed: January 01, 2016

Writes and spawns a native payload on an android device that is listening for adb debug messages.

PostgreSQL CREATE LANGUAGE Execution Exploit

Disclosed: January 01, 2016

Some installations of Postgres 8 and 9 are configured to allow loading external scripting languages. Most commonly this is Perl and Python. When enabled, command execution is possible on the host. To execute system commands, loading the "untrusted" version of the language is necessary. This requires a superuser. This is u...

D-Link DCS-930L Authenticated Remote Command Execution Exploit

Disclosed: December 20, 2015

The D-Link DCS-930L Network Video Camera is vulnerable to OS Command Injection via the web interface. The vulnerability exists at /setSystemCommand, which is accessible with credentials. This vulnerability was present in firmware version 2.01 and fixed by 2.12.

TP-Link SC2020n Authenticated Telnet Injection Exploit

Disclosed: December 20, 2015

The TP-Link SC2020n Network Video Camera is vulnerable to OS Command Injection via the web interface. By firing up the telnet daemon, it is possible to gain root on the device. The vulnerability exists at /cgi-bin/admin/servetest, which is accessible with credentials.

Juniper SSH Backdoor Scanner Exploit

Disclosed: December 20, 2015

This module scans for the Juniper SSH backdoor (also valid on Telnet). Any username is required, and the password is <<< %s(un='%s') = %u.

Symantec Messaging Gateway 10 Exposure of Stored AD Password Vulnerability Exploit

Disclosed: December 17, 2015

This module will grab the AD account saved in Symantec Messaging Gateway and then decipher it using the disclosed Symantec PBE key. Note that authentication is required in order to successfully grab the LDAP credentials, and you need at least a read account. Version 10.6.0-7 and earlier are affected

Telisca IPS Lock Cisco IP Phone Control Exploit

Disclosed: December 17, 2015

This module allows an unauthenticated attacker to exercise the "Lock" and "Unlock" functionality of Telisca IPS Lock for Cisco IP Phones. This module should be run in the VoIP VLAN, and requires knowledge of the target phone's name (for example, SEP002497AB1D4B). Set ACTION to either LOCK or UNLOCK. UNLOCK is the...

IBM Tivoli Storage Manager FastBack Server Opcode 0x534 Denial of Service Exploit

Disclosed: December 15, 2015

This module exploits a denial of service condition present in IBM Tivoli Storage Manager FastBack Server when dealing with packets triggering the opcode 0x534 handler.